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Remarks 

Claims 1-19 are currently pending in the subject application and are presently under 
consideration. A clean version of all replacement paragraphs is found at pages 2-17 and a clean 
version of pending claims is found at pages 18-21 . A marked up version showing changes made 
herein is found at pages 30-44, 

Favorable reconsideration of the subject patent application is respectfully requested in view of 
the comments and amendments herein. 

I. Objection of Drawings 

The drawings have been objected to for minor informalities. Withdrawal of this objection is 
respectfully requested for at least the following reason. 

Fig. 1 has been amended herein to add reference numeral 20 to indicate the computer and 
reference numeral 50 to indicate the memory storage device. Reference numeral 25 has replaced 
reference numeral 24 when referring to the ransom access memory (RAM). 

Fig. 3 has been amended to remove the from step 314 and replaced with ''LOCATION 
ADJUNCT FORMULA CHECK." Support for this amendment can be found, for example, on page 
35, lines 9-12. 

Fig. 4 has been amended so that the instruction in situation 604 reads open ?i.P, Support for 
the amendment can be found, for example, on page 3 1 lines 15-17. 

The specification has been amended on page 3 1 , lines 4, 5, 6, 8, and 19 to replace 'Tig. 6" and 
"Fig. T with 'Tig. 4" and 'Tig. 5." 

A proposed drawing correction to Figs. 1 , 3, and 4 that shows the above corrections circled in 
red ink is submitted herewith. A new set of fonnal drawings will be submitted upon allowance of the 
pending claims. 

II. Objection of Specification 

The specification has been objected to for minor informalities. Withdrawal of this objection is 
respectfully requested for at least the following reasons. 

The specification has been amended to in accordance with the Examiner's suggestions, except for 
item 4-3. Applicants' representative respectfully submits that the table referred to in lines 1 1 -12 of page 
2 1 has twelve statements not ten statements as asserted by the Examiner. 
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II. Rejection of Claims 1-19 Under 35 U.S.C 112 

Claims 1-19 stand rejected under 35 U.S.C. 1 12, first paragraph, as containing subject matter 
which was not described in the specification in such a way as to enable one skilled in the art to which 
it pertains, or with which it is most nearly connected, to make and/or use the invention. Withdrawal 
of this rejection is requested for at least the following reasons. 

Typographical errors throughout the specification have been amended herein. It is respectfully 
submitted that correction of the typographical errors has not introduced new matter into this application. 
More particularly, the specification has been amended to insert the symbol whenever the 

mathematical property of satisfaction is intended. Additionally, the specification has also been amended 
to substitute the symbol ' for certain occurrence of the symbols ''@" and the symbol The 

specification supports this substitution, for example, at page 15 lines 16-18 : 'The symbol @ specifies 
that the left-hand side of the symbol is defined as the right-hand side of the symbol." The herein 
amendment has been made to conform the symbol with the accepted mathematical definition, as well as 
to alleviate confusion as the symbol '''@" is used to define a location adjunct in the table on page 19, line 
21. 

Next, the specificafion has been further amended to insert the symbol whenever a sequent is 

indicated. This amendment is supported in the specification, for example, at page 26, line 1 5, which 
indicates a definition on sequents is to appear. Furthermore, the specification indicates that sequent 
calculus definitions will subsequently appear at page 26 lines 26-3 1 . Because the symbol "h" is well 

known in the world of mathematics as the symbol for sequents, the specification supports these 
amendments. 

Finally, the specification has been amended to substitute the symbol whenever the symbol 

appears. This amendment has been made to avoid confusion, as the symbol is well known in the 
field of mathematics to mean ''greater than." 

With regard to the Examiner's objecfion to the symbol ? in lines 7 and 10 of page 29, it is 
respectfully submitted that the herein amendment clarifies this matter. The function "Head" of page 37, 
line 8 is intended to refer to an emulated machine - the head of the machine is an ambient. Further, it is 
respectfully submitted that the operation "Nexf ' on page 39, line 3 is well known in the art to refer to the 
Next in a series. The fijnction "Check" is described, for example, at page 33, lines 7 -8. 
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Further, the term ''iff is well known in the art to mean "if and only if. 

With regard to the Examiner's objection to the disclosure of a replication-free process employed to 
discuss Fig. 3, the term 'Vestriction-free'' has been replaced with -replication-free—. Accordingly, this 
objection should be withdrawn. 

IK Rejection of Claims 1-19 Under 35 U.S.C. §112 

Claims 1-19 stand rejected under 35 U.S.C. §112, second paragraph, as being indefinite for 
failing to particularly point and distinctly claim the subject matter which applicant regards as the 
invention. Withdrawal of this rejection is requested for at least the following reasons. 

The Examiner has noted that claims 1-19 recite the limitation of a ''process". "Process" is 

defined in the specification at pages 2, line 20 - page 3, line 2 as follow: 

In general, a process or thread resides within a container referred to as 
an ambient. The ambient includes one or more processes or threads, as 
well as any data, etc., that move with the processes or threads. An 
ambient that can move is referred to as a mobile ambient. The ambient 
can be any type of container: a software container such as a particular 
part of an operating system, for example, as well as a hardware 
container, such as a particular computer or peripheral device. 

And at page 4, lines 1 0 - 16: 

The invention relates to ambient calculus-based modal logic model 
checking. In one embodiment, a computer-implemented method 
receives a process, which is also referred to as a thread or agent in 
varying embodiments. The method analyzes the process against a 
formula using a predetermined modal logic based on ambient calculus. 
The formula, for example, can represent a model to be checked, a 
policy to be verified, such as a security policy, etc. The method finally 
outputs whether the process satisfies the formula or not. 

Therefore, it is respectfully submitted that the limitation "process" is not vague or indefinite. 

Next, the Examiner has indicated that claims 1 , 4-9, 11-14 and 16-19 recite the limitation 

"formula". The specification at page 4, lines 10-16 provides: 

The invention relates to ambient calculus-based modal logic model 
checking. In one embodiment, a computer-implemented method 
receives a process, which is also referred to as a thread or agent in 
varying embodiments. The method analyzes the process against a 
formula using a predetermined modal logic based on ambient 
calculus. The formula, for example^ can represent a model to be 
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checked, a policy to be verified, such as a security policy, etc. The 

method finally outputs whether the process satisfies the fonnula or not. 
Id. (emphasis added). 

Further, at page 13, lines 13-18 of the specification: 

The logic of embodiments of the invention pertains to a mobile 
computing environment. Thus, the ambients of FIG. 2 are mobile. As 
shown in FIG. 2, for example, the ambient 202 is moving out of the 
ambient 204. There may be, for example, a particular policy or 
formula, expressed in the logic, that defines whether such a move 
can occur, such that it can be applied against the ambient 202 and 
the policy therein to determine whether such a move should be 
allowed to occur. 

Id. (emphasis added). 

Therefore, it is respectfully submitted that the limitation "formula" is not vague or indefinite. 

Accordingly, withdrawal of this rejection with respect to claims 1 -1 9 is respectfully requested. 

III. Rejection of Claims 1-13 Under 35 U.S.C. §101 

Claims 1-13 are rejected under 35 U.S.C. §101 because the inventions as disclosed in claims 
are directed to non-statutory subject matter. Withdrawal of this rejection if requested for at least the 
following reasons. 

Claims 1-13 are directed to statutory subject matter under 35 U.S.C. §101, //i re 
Warmerdam, 33 F. 3d 1 354, 3 1 USPQ2d 1 754 (Fed. Cir. 1 994), State Street Bank & Tmst Co. v. 
Signature Financial Group^ Inc., 149 F. 3d 1368, 47 USPQ2d 1596 (Fed. Cir. 1998) and AT&T Corp. 
V. Excel Communications, Inc., 172 F. 3d 1352, 50 USPQ2d 1447 (Fed. Cir. 1447). 35 U.S.C. §101 
provides: 

Whoever invents or discovers any new and useful process, machine, 
manufacture, or composition of matter, or any new and useful 
improvement thereof, may obtain a patent therefore, subject to the 
conditions and requirements of this title. 

Id. 

In In re Warmerdam, the Court noted: 

[T]he disposifive issue for assessing compliance with §101 in this case 
is whether the claim is for a process that goes beyond simply 
manipulating "abstract ideas" or "natural phenomena". 

* * * 
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As the Supreme Court has made clear, "an idea of itself is not 
patentable," Rubber-Tip Pencil Co. v. Howard, 87 U.S. 498, 507, 20 
Wall. 498, 22 L. Ed. 410 (1874); taking several abstract ideas and 
manipulating them together adds nothing to the basic equation. 

at 1360. 

In State Street the Court noted: 

The question of whether a claim encompasses statutory subject matter 
should not focus on which of the four categories of subject matter a 
claim is directed to process, machine, manufacture, or composition of 
matter but rather on the essential characteristics of the subject matter, 
in particular, its practical utility." 

Id, at 1375. 

With regard to the ''mathematical algorithm" exception to statutory subject matter, the State Street 

Court noted that "the mathematical algorithm is unpatentable only to the extent that it represents an 

abstract idea . . Id. at note 4 (emphasis added). The State Street Court further noted: 

Unpatentable mathematical algorithms are identifiable by showing they 
are merely abstract ideas constituting disembodied concepts or truths 
that are not "useful." From a practical standpoint, this means that to be 
patentable an algorithm must be applied in a "useful" way . In A lappa t, 
we held that data, transformed by a machine through a series of 
mathematical calculations to produce a smooth waveform display on a 
rasterizer monitor, constituted a practical application of an abstract idea 
(a mathematical algorithm, formula, or calculation), because it 
produced "a useful, concrete and tangible result" ~ the smooth 
waveform. 

Id, at 1373 (emphasis added). 

Thus, under State Street in order to be patentable, a mathematical algorithm must be applied in a 
"useful" way. 

Significantly, in State Street, with regard to the "business method" exception, the Court, 
discussing the Examination Guidelines, noted "[wjhether the claims are directed to subject matter 
within §101 should not turn on whether the claimed subject matter does 'business' instead of 
something else." Id, at 1377. Thus, it is respectfully submitted that the Examiner's discussion 
regarding the "business method" exception is without merit. 

The present invention as claimed is characterized as a computer-implemented method and/or a 
machine-readable medium having instructions stored thereon for execution by a process to perform a 
method that receives a process, analyzes the process against a formula using a predetermined modal 
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logic based on ambient calculus, and, outputs whether the process satisfies the formula or not. 

Moreover, with regard to practical application of the present invention as claimed, the 

specification of the subject application provides: 

Computing has become increasingly interconnected. Whereas before 
computers were discrete, unconnected units, because of the Internet as 
well as other networks, they are increasingly fluid, interconnected units. 
A computer program, which may be made up of one or more executable 
processes, or threads, may be mobile. For example, a thread of the 
program may move from computer to computer over the Internet. It 
may be executed in a distributed fashion over many computers, or a 
different instance of the thread may be run on each of many computers. 

The movement of threads from computer to computer, or even 
to different parts within the same computer, poses new security and 
other risks for which there is no formal analysis mechanism. For 
example, a thread may be unstable, such that having it be run on a 
particular computer may cause the computer to crash. More so, the 
thread may be malicious, such as part of a virus program, such that its 
purpose is to compromise the computers it moves to. 

More specifically, there are two distinct areas of work in 
mobility: mobile computing, concerning computation that is carried out 
in mobile devices (laptops, personal digital assistants, etc.), and mobile 
computation, concerning mobile code that moves between devices 
(agents, etc.). Mobility requires more than the traditional notion of 
authorization to run or to access information in certain domains: it 
involves the authorization to enter or exit certain domains. In particular, 
as far as mobile computation is concerned, it is not realistic to imagine 
that an agent can migrate from any point A to any point B on the 
Internet. Rather an agent must first exit its administrative domain 
(obtaining permission to do so), enter someone else's administrative 
domain (again, obtaining pennission to do so) and then enter a 
protected area of some machine where it is allowed to run (after 
obtaining permission to do so). 

Access to information is controlled at many levels, thus multiple 
levels of authorization may be involved. Among these levels we have: 
local computer, local area network, regional area network, wide-area 
intranet and internet. Mobile programs should be equipped to navigate 
this hierarchy of administrative domain, at every step obtaining 
authorization to move further. Laptops should be authorized to access 
resources depending on their location in the administrative hierarchy. 

In general, a process or thread resides within a container 
referred to as an ambient. The ambient includes one or more processes 
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or threads, as well as any data, etc., that move with the processes or 
threads. An ambient that can move is referred to as a mobile ambient. 
The ambient can be any type of container: a software container such as 
a particular part of an operating system, for example, as well as a 
hardware container, such as a particular computer or peripheral device. 

More specifically, an ambient has the following main 
characteristics. First, an ambient is a bounded placed where 
computation happens. The interesting property here is the existence of a 
boundary around an ambient. Examples of ambients include: a web 
page (bounded by a file), a virtual address space (bounded by an 
addressing range), a Unix file system (bounded within a physical 
volume), a single data object (bounded by "self) and a laptop (bounded 
by its case and data ports). Non-examples are: threads (the boundary of 
what is "reachable" is difficult to determine) and logically related 
collections of objects. 

Second, an ambient is something that can be nested within other 
ambients. For example, to move a running application from work to 
home, the application must be removed from an enclosing (work) 
ambient and inserted in a different enclosing (home) ambient. A laptop 
may need a removal pass to leave a workplace, and a government pass 
to leave or enter a country. 

Third, an ambient is something that can be moved as a whole. If 
a laptop is connected to a different network, all the address spaces and 
file systems within it move accordingly and automatically. If an agent 
is moved from one computer to another, its local data should move 
accordingly and automatically. 

As mentioned, there is no formal analysis mechanism within the 
prior art for such mobile ambients. This means that there is no manner 
by which to describe formally, for example, a security policy for a 
given computer system, which could be applied against a mobile 
ambient within a formal analysis mechanism to determine if the 
ambient poses a security or other risk to the system. In particular, most 
formal analysis mechanisms, or frameworks, only provide for temporal 
distinction among processes and ambients, but assume that the 
processes and ambients are stationary - or otherwise do not provide for 
spatial distinction among them. Furthermore, there is no manner by 
which to formally verify that a policy or other model for process and 
ambients can be verified for correctness. 

Specification at page 1, line 14 - page 4, line 6. 

Accordingly, ambient calculus-based modal logics, and more specifically, model checking for 

ambient calculus-based modal logics have practical application. 
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The present invention as claimed is characterized as a computer-implemented method and/or a 
machine-readable medium having instructions stored thereon for execution by a process to perform a 
method that receives a process, analyzes the process against a formula using a predetermined modal 
logic based on ambient calculus, and, outputs whether the process satisfies the fonnula or not. Model 
checking for ambient calculus-based modal logics has practical application, thus, the present 
invention as claimed is directed to statutory subject matter. 

Accordingly, withdrawal of this rejection is hereby requested. 

IV. Conclusion 

The present application is believed to be condition for allowance in view of the above 
amendments and comments. A prompt action to such end is earnestly solicited. 

In the event any fees are due in connection with this document, the Commissioner is 
authorized to charge those fees to Deposit Account No. 50-1063. 

Should the Examiner believe a telephone interview would be helpful to expedite favorable 
prosecution, the Examiner is invited to contact applicant's undersigned representative at the telephone 
number listed below. 



Respectfully submitted, 
AMIN & TUROCY, LLP 




Himanshu S. Amin 
Reg. No. 40,894 



Amin & Turocy, llp 
24™ Floor, National City Center 
1900 E. 9™ Street 
Cleveland, Ohio 441 14 

Telephone (216) 696-8730 
Facsimile (216) 696-8731 
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Marked Up Version of The Specification 

Please enter the following amendments to the specification. 

K Please amend the paragraph at page 10, line 21- page 11, line 8, as follows: 

The computer 20 may operate in a networked environment using logical connections to one or 
more remote computers, such as remote computer 49. These logical connections are achieved by a 
communication device coupled to or a part of the computer 20; the invention is not limited to a 
particular type of communications device. The remote computer 49 may be another computer, a 
server, a router, a network PC, a client, a peer device or other common network node, and typically 
includes many or all of the elements described above relative to the computer 20, although only a 
memory storage device 50 has been illustrated in FIG. 1 . The logical connections depicted in FIG. 1 
include a local-area network (LAN) 51 and a wide-area network (WAN) 52. Such networking 
environments are commonplace in office networks, enterprise-wide computer networks, intranets and 
the [Internal] Internet , which are all types of networks. 

2. Please amend the paragraph at page 11, lines 9-19, as follows: 

When used in a LAN-networking environment, the computer 20 is connected to the local 
network 51 through a network interface or adapter 53, which is one type of communications device. 
When used in a WAN-networking environment, the computer 20 typically includes a modem 54, a 
type of communications device, or any other type of communications device for establishing 
communications over the wide area network 52, such as the [Internal] Internet . The modem 54, 
which may be internal or external, is connected to the system bus 23 via the serial port interface 46. 
in a networked environment, program modules depicted relative to the personal computer 20, or 
portions thereof, may be stored in the remote memory storage device. It is appreciated that the 
network connections shown are exemplary and other means of and communications devices for 
establishing a communications link between the computers may be used. 
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3. Please amend the table at page 

(1) /"(0)[@] =(l> 

(2) /,7(P|0 m=MP) uMQ) 

{3)M\P)[@]±MP) 

{4)MM[P])[@] ^MM)uMP) 
{5)MM.P) [@] ^MM) uMP) 

(6) //j((/t).P) [@] i//7(P)-{"} 

(7) /a7((A/)) [@]AMM) 



between lines 14 and 15, as follows: 

(8)>(/0 [@]^ W 
{9)MinM)[@] ^MM) 
(10)//7(o^//A^[@] ^MM) 
{\\)MopenA4)[@] ^fn{hd) 

(12) //7(e) [@]^(l> 

(13) fn(M M') [@] =fn{M) ufn{M') 



15, 



4. Please amend the paragraph at page 15, line 16 - page 16, line 8 as follows: 

The thirteen statements within this table are explained as follows. The first statement states 

that there are no free names for the inactivity process. The symbol ^ [@] specifies that the left-hand 

side of the symbol is defined as the right-hand side of the symbol. This definition is applicable in any 
statement in which the symbol ^ [@] appears. The second statement states that the fi"ee names for 

the composition P\Q are the free names for P conjoined with the free names for Q. The third 
statement states that when a process is replicated from another process, it has the same free names as 
that latter process. The fourth statement states that the free names of a container M having therein a 
process P are the free names of M by itself conjoined with the free names of P - that is, M[P] cannot 
take on any names that are not allowed by either M itself or P itself The fifth statement states that 
the free names of the capability action M,P cannot take on any names that are not allowed by either M 
itself or P itself The [fifth] sixth statement states that the free names of the input action (n). Parc the 
free names of the process P, minus the name n. 
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5. Please amend the paragraph at page 18, line 29- pagel9, line 11, as follows: 

Finally, the following syntactic conventions and abbreviations, as summarized in the next 

table, are used herein. A fact is also provided. 

Syntactic conventions 

\P\Q is read {\P)\Q 

M.P\Q is read [M .P)\Q 

{n).P\Q is read [{n).P)\Q 

Abbreviations 

^ [@] ^ ^0 (where appropriate) 

Fact 

n [P] = m [P '] iff /? - m and P = P" 

6. Please amend the table at page 19, following line 20, as follows: 



A,B.( 






1 


T 


true 


2 




negation 


3 


AvB 


disjunction 


4 


,7[A] 


location 


5 


A'|A" 


composition 


6 


3/7.A 


existential quantification over names 


7 




somewhere modality (spatial) 


8 


OA 


sometime modality (temporal) 


9 


A@« 


location adjunct 


10 


A[>]>B 


composition adjunct 
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7. Please amend the paragraph at page 20, lines 1-12 as follows: 

The logical formulas of the preceding table are described as follows. The first statement is a 
logical true, while the second statement is a logical negation and the [fourth] third statement is a 
logical disjunction. The fourth statement means that the process A is located within the container, or 
ambient, n. The fifth statement is a logical composition. The sixth statement specifies the existential 
quantifier operation, that there is some process A within the container named n. The seventh 
statement specifies a spatial operator, that somewhere, at some location, the process A exists. That is, 
within some container, anywhere in the domain space being considered, the process A exists. 
Similarly, the eighth statement specifies a temporal operator, that at some point in time, the process A 
will exist (or currently exists). The ninth statement specifies that the process A exists within the 
container named n. Finally, the tenth statement is a logical composition adjunct. 

8. Please amend the table on page 20, following line 12, as follows: 



1 F 


_A 


[@]-T 


false 


2AaB 


_A 


[@]-,(^Av-.B) 


conjunction 


3A^8 


A 


[@]^AvB 


implication 


4A«B 


A 


[@](A=>B)a(B=>A) 


logical equivalence 


SAmB 


A 




decomposition 


6 !A 


A 


[@]AiiF 


every component satisfies A 


7?A 


A 


[@]A|T(«-,!^A) 


some component satisfies A 


8 V/i. A 


A 


[@]-.3n.^k 


universal quantification over names 


9 HA 




[@]^^-,A 


everywhere modality (spatial) 


IOdA 


_^ 


[@]-0-A 


everytime modality (temporal) 


11 A@ 


A 


[@]V/j. A @n 


in every location context 


12 >[>]A 


A 


[@]T>[>]A 


in every composition context 
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9. Please amend the paragraph at page 20, line 16- page 21, line 12 as follows: 

The derived connectives of the preceding table are explained as follows. The first statement is 
the logical false, and is derived and defined as a function of the logical true. The second statement is 
the logical conjunction, while the third statement is the logical implication and the fourth logical 
equivalence. The fifth statement specifies logical decomposition. The sixth statement defines !Aas 
universal safisfaction, that every component satisfies the process A. Likewise, the seventh statement 
defines ? Aas partial satisfaction, that some component satisfies the process A. The eighth statement 
defines the universal quantifier V in terms of the existential quantifier 3; that all the processes A are 
within the container n. The ninth statement states that the process A exists everywhere, fi-om a spatial 
perspective, while the tenth statement states that the process A has existed, and still exists, at every 
time. The eleventh and twelfth statements specify the in every location context and the in every 
composition context, respectively, and are derived fi-om the [eleventh and twelfth] ninth and tenth 
logical formula statements of the logical formulas table. 

10, Please amend the paragraph at page 21, lines 16-17, as follows: 

• Infix '[>] >• binds stronger than |, and they both bind stronger than the standard logical 
connectives. 



11. Please amend the paragraph at page 21, line 22 - page 22, line 2 as follows: 

The satisfaction relation P NA (process P satisfies formula A) is defined inductively in the 

following tables, where Fl is the sort of processes, O is the sort of formulas, and A is the sort of 
names. Quantification and sorting of meta-variables are made explicit because of subtle scoping 
issues, particularly in the definition of P N 3/7.A. Similar syntax for logical connectives is used at the 
meta-level and object-level. 
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12. Please amend the table on page 22, between line 11 and line 13, as follows: 



y rA 1. 


ri I— T* 

F T 


[^]= 




V/ D. PI A-rh 




[^] = 


— ir F A 


y l A 


o t- Av 0 
^ F AVD 


[~]~ 


F A V F 0 


V / .1 l,/7./\, HAl^. 


I F /7[AJ 


[^]= 


dV .1 1. J = n[r Jay FA 


V/*:n,A,0:O. 


P N A 1 B 


[-] = 


3P\P":n. P = A ^ A A P" N B 


MP:U, ir.A, A:cD. 


P h 3«.A 


[-]^ 


3/w:A. A{/7<-m} 


VF:n, A:(l> 




[-]^ 


3P':n.Pi*P'AP'N A 


VP:n, A:0 




[-]^ 


3/^':n.P^*P'AP'h A 


yP:U, A:0 




[^]^ 


A7[/^] h A 


VP:n, A,B:(J>. 


PM[>kB 




VP':n.P'^A^/^|/>'feB 



13. Please amend the paragraph on page 22, lines 19-20 as follows: 

• A process P satisfies the n[k] formula if there exists a process P' such that P = nlP"] and P' 

14. Please amend the paragraph at page 22, lines 21-22 as follows: 

• A process P satisfies the A'|[A"]B formula if there exist processes P' and P" such that P^P'\ 

with P' satisfying A' and P" satisfying [A"]B. 

15. Please amend the paragraph at page 23, lines 6-7 as follows: 

• A process P satisfies the formula OA if A holds in the future for some residual P'ofP, where 
"residual" is defined by P *P 

16. Please amend the paragraph at page 23, lines 10-14, as follows: 

• A process P satisfies the formula A >[>]B if, given any parallel context P ' satisfying A, the 

combination P'\P satisfies B. Another reading of P NA >[>]B is that P manages to satisfy B 
under any possible attack by an opponent that is bound to satisfy A. Moreover, " P satisfies 
(□A) >[>](dA)" means that P preserves the invariant A. 
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17. Please amend the table at page 23, between lines 14 and 16, as follows: 



VP:n. 






V/^:n,AJ: O. 


PNAaB 


iffPh AaPNB 


VP:n,AJ: O. 


PNA=>B 


iffPhA^P^B 


VP:n,AJ: O. 


PhAoB 


iffPhAoPNB 


VP:n, A,B: O. 


FNAmB 


iff VF,/"':n. P s P'|P" z:> P- ^ A V P" ^ B 


VP:n,A:(l>. 


!A 


iff VP',P":n. P s P'|P" => P- ^ A 


\/P:U,k: O. 


P^?A 


iff 3P',P":n. P = F\P" A P' h A 


VP:n,/j: A, A: O. 


V/7.A 


iffVm: A.PhA{«<-m} 


\fP:U,k (t>. 


hA 


iffVP':n.Pi*P'=>PhA 


VP:n,A: O. 


PNdA 


iffVP':n.P^*P'=>P'hA 


VF:n,A: O. 


PNA@ 


iffV/7: A.PhA@/i 


VP:n,A: O. 


PN [>] >A 


iff VP'in.PIP-hA 




^fe[>] >(A=>B) 


iff VP':n. P'|P h A ^ P'|P tifcf.PK [>] > B) 



18* Please amend the paragraph at page 23, lines 23-24 as follows: 

• A process P satisfies the A'iiB[A"] formula if for every decomposition of P into processes F and 
r such that P = F\F\ either F satisfies A' or P" satisfies [A"] B. 

19. Please amend the paragraph at page 24, lines 13-14, as follows: 

• A process P satisfies the formula [>] > A if for every process (i.e., for every context) the 
combination of P and with that process satisfies A. 

20. Please amend the paragraph at page 24, lines 15-18, as follows: 

• If process P satisfies the formula A [>] > B, it means that in every context that satisfies A, the 
combination (of P and the context) satisfies B. Instead, if process P satisfies the fonnula [>] 
>(A=>B), it means that in every context, if the combination satisfies A then the combination 
satisfies B. 

21. Please amend the paragraph at page 24, line 22, as follows: 

p = />'=>(PNA^/^'N A) 
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22. Please amend the paragraph at page 24 line 27- page 25, line 33, as follows: 

A list of examples of the satisfaction relations is now provided. These examples should appear 
intuitively true from the definitions. 

Location 

"[] N n[T] 

/?[] I 0 ^ /7[T], because /?[] | 0 = n[] 
"['"[]] t "[/"[T]] 

N m[T], if n^^m 

Composition 

«[] I m[] h «[T] I m[T] 

"[] I h "ilT] I "[T], because n[] \ m[] = m[] \ n[] 
n[]\Ptn[T]\T 

"[] t "[T] I T, because n[] = n[] | 0 

!«[] ^ 77[T] I T, because !77[] = n[] \ \n[] 

-"[]h«[T]|/7[T] 

-,«[]|«[]h«[T] 

-^\n[]tn[T] 

—in[] I open m ^ /t[T] 

Quantification 

n[] t 3/w.m[T] iff 3p. n[] tp[T] iff «[] t iff true 

h 3rt./7[/7[T]] iff 3p. «[/«[]] hpb[T]] iff false 
0 1 V/7. ^«[T] 

Spatial Modality 

n[in[]] t <^m[T] 

n[m[] I N ^►77j[T] 

Temporal Modality 

I open n h 0/7j[T] 

n[n[]] I open n N □(/7[T] | T) 

Location Adjunct 

«[] N w[/j[T]]@m 
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n[oia m] t {On[T])@m 

Composition Adjunct 

n[]^m[T][>]> {n[T]\m[T]) 

open fh m[] t (d/?[T]) [>] >(0/?7[T]) 
Presence 

an n [ = n[T] | T (there is now an n here) 

no n [-] = ^an n (there is now no n here) 

one n [=] ^ n[T] \ no n (there is now exactly one n here) 

unique n [ = ]= n[^ no n] \ ^ no n (there is now exactly one /?, and it is here) 

!(/7[T] => rt[A]) (every n here satisfies A) 



23. Please amend the table at page 24, lines 40-42, as follows: 
vldk [^]A \fP\T\,P^k A is valid 

satk [^]A 3P:n. P^A A is satisfiable 

24. Please amend the paragraph at page 26 lines 14-16, as follows: 

Sequents: 

AhB [-]= vW(A==>B) 

25. Please amend the paragraph at page 26 lines 17-22, as follows: 

Rules: 

A,hfli;...;A.hBJAhB[-]^ 

AihBi A.. AA;,hB«=>AhB (n>0) 
AihBi//A2hf!2 

A]hBi/A2hB2 AA2hB2/A,hBi 
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26. Please amend the paragraph at page 26, lines 27-33, as follows: 

The following is a non-standard presentation of the sequent calculus, where each sequent has 

exactly one assumption and one conclusion: AhB- This presentation is adopted because the logical 

connectives introduced later do not preserve the shape of multiple-assumption multiple-conclusion 
sequents. Moreover, in this presentation the rules of propositional logic become extremely 
symmetrical. Propositional logic is summarized in the following table. 

27. Please amend the table between page 26, line 33 and page 27, line 2, as follows: 

( A-L) Aa((aO) h B // (AaO aD h B 
(A-R) Ah(CvD)vB//Ah(v(DvB) 
(X-L) AA(hB/(AAhB 
(X-R) Ah(vB/AhBv( 
(C-L) AAAhB/AhB 
(C-R) AhBvB/AhB 
(W-L) AhB/AAChB 
(W-R) AhB/AhM 
(Id) /AhA 

(Cut) AhCvB;A'A(h87AAA'hBvB' 

(T) AAThB/AhB 

(F) AhFvB/AhB 

(-.-L) Ah(vB/AA-,(hB 

(-^-R) AA(hB/Ah-'(vB 

(a) AhB;A'hB7AAA'bBAB' 

(v) AhB;A'hB7AvA'hBvB' 

28. Please amend the paragraph at page 27, lines 6-11, as follows: 

For predicate logic the syntax of formulas (but not of processes) is enriched with variables 
ranging over names. These variables are indicated by letters x, y, z. Quantifiers bind variables, not 
names. Then, if /v(A)={x/, .... Xk) are the free variables of A and cpe/v(A) -»A is a substitution of 
variables for names, A,p for A {xi<— (p(xi), Xk<r-i^(xk)} is written, and the following is defined: 

vWA \/P:U.PtK 
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29. Please amend the table at page 27, bet>veen lines 1 1 and 15, as follows: 

(V-L) A {.Y<-m} hB/V.Y.A hB 

( V-R) A h B / A h V.v.B Where .y g .MA) 

(3-L) A h B / 3.Y. A hB Where .y € XB) 

(3-R) AhB {x^/n} /Ah3.Y.B 



30. 


Please amend the table at page 28, between lines 7 and 10, as follows: 


(0) 


/ThOA<»-nD-,A 


(H) 


/Th «A<=>-.ti^A 


(oK) 


/ T h dCA ^ B) => (dA oB) 


(H K) 


/Th H(A=^B)=>(HA=> nB) 


(□T) 


/ThaA^A 


(HT) 


/ThHA^A 


(□4) 


/ThnA^^aaA 


(M4) 


/Th hA=> H nA 


(0 M) 


AhB/nAhaB 


(n M) 


AhB/ HAhHB 


(OA) 


□(AA()hB//DAAD(hB 


(Ha) 


H(AA()hB// «AA«(hB 


(□V) 


Aho(CvB)//Ahn(vDB 


(H V) 


Ah H((vB)//Ah hCvmB 



31. Please amend the paragraph at page 28, line 17- page 29, line 10, as follows: 

Finally, location properties, location rules, composition properties, and composition rules 

listed. 

Location Properties 

(3) vW(/7[AAB]«/t[A] A/7[B]) 

(4) v/t/(Aj[AvB]<:^/i[A]v/7[8]) 

Location Rules 

(«[]) AhB///j[A]h«[B] 

(/7[]a) /j[AA(]hB//«[A]A/j[(]hB 

(/;[] a) A h /j[(vB] // A h /7[(]v/j[B] 

Composition Properties 

(5) v/</(A|B=bB|A) 

(6) v/^/(A|(B|()o (A|B)|() 

(7) v/</((AaB)|(=>A|(aB|() 

(8) v/rf((AvB)|(^A|(vB|() 

Composition Rules 
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(I) A'hB';A"hf!"/A'|A"hB'|B" 
(|a) (AAB)|(hO/A|( ABKhO 
(|v) Ah(Bv() |0/AhB|Ov(|D 
(|[?]1J) /A'|A" AB'||B"hA'|B" vB'|A" 
( I ^) / -,(A' I A") A ^(B- 1 B") h ^(B' I A") V (-,A' | -nB") 
( l-E) A h B' I B" ; A'a(B' | (") h 0; A"a(C | B") h 0 
/(AA(A'AA"))A(('||(")hl) 

32. Please amend the paragraph at page 29, lines 14-30, as follows: 

The following propositions and corollaries relate to location adjunct rules, and composition 

adjunct rules. The first proposition states that A@/j and n[k] are adjuncts. 

Proposition: Location Adjunct Rules 
(«[]@) /7[A]hB//AhB@« 

Corollaries 

(3) v/<//7[A@/t] =>A 

(4) v/</A=>7j[A]@/7 

Proposition: Composition Adjunct Rules 
(|[>]>) A|(hB//Ah([>]>B 

Corollaries 

(4) v/</A[>]>B|B=>B 

(5) v/</A=>B[>] >(AB) 

(6) vldk[>] >B I B[>] >( =>A[>] >( 

33. Please amend the paragraph at page 29, lines 34-39, as follows: 

In this sub-section, validity and satisfiability are reflected into the logic, by means of the [>] > 

operator: 

Vldk [s]^ H)[>]>F 
Satk [^]^ ^(A[>]>F) 
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34. Please amend the paragraph at page 30, lines 1-22, as follows: 

From this validity and satisfiability, two propositions and one lemma are described: 

Proposition: Vld and Sat 

(3) vld Vld vld k 

(4) vld Sat k <^ sat k 

Lemma: Vld, Sat Properties 

(3) vld ( ^(AaB) o Vldfi A Vldi) 

(4) vld{Vld{M)<^VldkwVld^) 

Proposition: Vld, Sat is Modal S5 

{Sat) lltSatk<^-^Vld-^k 

(VldK) / T h Vld{k ^ B) ^ {{Vldk) ^{Vldi)) 

(VldT) /Tt{Vldk)^k 

{Vld 5) / T h {Satk) ^ {Vld Sat A) 

{VldM) AhB/ VldktVlS 

{ Vld a) K/rf(A a() h B // Vldk A Vldi h B 

{Vld v) A h Vld{{wl) II k h Vldi V VIS 

35. Please amend the paragraph at page 30, line 30, as follows: 

m = n [ = ]= Vld{an m [>] ^an n) 



36. Please amend the paragraph at page 31, lines 2-7, as follows: 

In this section of the detailed description, examples of mobile computing environments in 
conjunction with the modal logic of the preceding section are presented. Specifically, four separate 
situations are shown in the diagram of FIG. [6] 4, and an additional situation is shown in the diagram 
of FIG. [7] 5. Those of ordinary skill within the art can appreciate that the situations of FlGs. [6] 4 
and [7] 5 are examples for illustrative purposes only, and do not represent a limitation on the 
invention. 
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37. Please amend the paragraph at page 31, lines 8-18, as follows: 

Referring first to FIG. [6] 4, four situations are presented, situations 600, 602, 604 and 606. 
In situation 600, a container n includes a process Q, and includes a policy telling the container how to 
behave. Specifically, the policy is in m.P, which instructs the container /; including the process Q to 
move into the container m already having the policy R therein, as shown in situation 600. In situation 
602, a container n includes a process Q, and the policy telling the container how to behave is out m.P, 
which instructs the container n including the process Q to move out of the container m also having the 
policy R therein, as shown. In situation 604, the policy or instruction open n.P is executed on the 
container n having the process Q, such that Q exits the container as a result. Finally, in situation 
606, a replicated instruction is executed on the process P, such that an additional process P is made 
(that is, process P is copied). 

38. Please amend the paragraph at page 31, line 19-23, as follows: 

Referring next to FIG. [7] 5, a communication operation referred to as a note is shown in the 
situation 700. The note can reside within a container. The capabilities that can be held by the note 
include names, such as /?, as well as action capabilities, such as in n, out /?, open n, or a path, such as 
C.C \ as has been described in the modal logic section of the detailed description. 

39. Please amend the paragraph at page 32, line 22- page 33, line 8, as follows: 

302, 304, 306, 308, 3 10, 3 1 2, and 314 implement the analysis of the process against a formula, 
using a predetermined modal logic based on ambient calculus, according to one embodiment of the 
invention. The formula against which the process is to be analyzed can be a policy, such as a security 
policy or a mobility policy, such that the policy is described using the predetennined modal logic, such as 
has been described in the preceding sections of the detailed description. In one embodiment, the process 
is analyzed in a recursive manner. The analysis of 302, 304, 306, 308, 3 1 0, 3 1 2, and 3 1 4 can be 

summarized as a theorem, specifically, yor all f restriction] replication -free process P and [>] >rfree 
closed formulas K P if and only if Check(PA), where CheckQ is the analysis of 302, 304, 306, 308, 



310, 312, and 314. 
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40. Please amend the paragraph at page 34, lines 1-4 as follows: 

In 306 specifically, the process is partitioned to determine whether each component of the 
process satisfies the formula, or policy. If any component fails against the policy, then the process 
itself fails. The check of 306 only applies if the fonnula is a composition A['] j B. This check can be 
expressed as: 
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